ETXT is an open source program of only 97Kb in size, it doesn’t need installation, it can be executed from within a USB thumbdrive making it ideal for use at public computers, the software doesn’t need administrator rights to run either.
This free encryption notepad tool is very simple to use, the text can not be formatted with bold, colouring or any other fancy features, you simple write your message, click on Save and a .etxt (encrypted text) file will be created. To read the ciphered text message all that it is needed is to use the program to select the file and it immediately be decrypted as soon as you open it up, there is no password to be used.
ETXT encrypted text notes
I was very disappointed with this software, it claims to encrypt text messages but I could not find anywhere what algorithm they are using for that which makes me think that it could be some kind of untested home brew encryption algorithm, a bigger disappointment was the lack of password protection, anyone who comes across your encrypted text message can read it by just downloading the program and opening it up, all they need to do is guessing what software you used for encryption, if you really need that kind of weak protection you could encrypt and decrypt your messages online with the weak ROT13 or Base64 ciphers, there are plenty of websites for that.
There are many disposable email address (DEA) services but they are limited in time which means you have to get a new email every time you open an account and you have to use the webmail interface they provide you to retrieve email. NotSharingMyInfo will automatically send all email to your real email account and the forwarding address they give to you will not be deleted, you can reuse that very same address to recover passwords if necessary, a feature requiring the email you previously used for registration.
If you start to get spam you can cancel your NotSharingMyInfo email address asking for a cancellation email link to your real email address. The best feature of this privacy email address is that it is very quick to open an account with them, you are asked for zero details to sign up, just an email address where to forward the messages is necessary, a Chrome browser addon to create a disposable email address is available.
NotSharingMyInfo DEA address
I would have preferred it if the email domain name was something neutral not disclosing on the URL that it is a forwarding cover address, another problem is that if you want to reply to a message you will have to fake the headers to make it look like it came from your NotSharingMyInfo alias. The service appears designed to protect your privacy rather than spam, to stop spam is best to use a disposable email address with a time limitation and not made permanent.
If you want an alternative to this disposable email address you can open an account with an email service that allows aliases, I am using GMX and Yahoo Mail and they both allow me to create an alias that can be disabled and forwards to my real inbox but they require registration.
This addon utility will encrypt your files before they are sent for storage to the cloud, it is a good way to securely share folders online. Some online storage services that do not use encryption or services with a backdoor in their “encrypted” servers, like DropBox, will find it impossible to look at your files if you have encrypted them with LocBox before uploading it. This tool for secure cloud storage uses the AES256 cipher and SHA256 for encryption, there is no backdoor, if the key you have used to encrypt the files is erased, there will be no way to access the files.
The best feature of LocBox is probably how easy it makes to share files with multiple people, you can create various encryption keys and store all of the files in the same folder, because they have been encrypted with a different key, not everyone will be capable to access them even if they see the files. LocBox makes it very easy for users to identify what key has been used to encrypt each file, when someone access the folder online he will be able to identify his own files by looking at the used encryption keyfile.
LocBox cloud files encryption
The premium version of LocBox can be run off a USB thumbdrive, what I believe could be improved is that the password is shown in clear text and not behind asterisks, this is not suitable to be used at public computers where anyone could see what you type on the screen, on the other hand LocBox advantage over other encryption utilities is that it does not require administrator rights (once installed in the thumbdrive) which is one of the main obstacles when using portable encryption programs at public computers (internet cafe, library,etc).
The most common way to find out who is hosting a website is by doing a whois on the domain name and looking at the Domain Name System (DNS) which often leads to the hosting provider, but in occasions some webhost do not use an obvious NS name making it difficult to find out who the host is, it is also possible for those on a dedicated server to create their own custom DNS name throwing off the trail anyone investigating them, or to use a free DNS provider that helps hide the real hosting company.
HostLogr.com: This free service will show you a website data centre physical location, can be useful to troubleshoot ping rates and latency as well, it will also the website IP with a list of websites sharing the same IP, a common happening in shared hosting, but this does not mean that all those sites belong to the same owner, just that they are on the same server.
Who-Hosts.com: This service will name the webhosting company behind a website. If you are going to report abuse this is much more useful than finding out about the data centre since abuse reports should be send to the hosting company and not the data centre.
Who-Hosts finds out who is hosting a website
Whois.Domaintools.com: A very complete domain name information tool, with details about domain name registrar changes, IP history, whois history changes and DNS changes. This data will not tell you who is hosting a domain name but domain ownership and registration dates can help you work out what a website has been up to in the past. You will need the paid for version of Domaintools to get access to the most advanced features..
Ishostedby.com: A simple report tool showing a map with the exact geographical location of the server, the IP and the data centre where the server resides, a data centre is also the ISP for that server/website, if a hosting company ignores an abuse report it might be worthwhile try to send an abuse complaint to the data centre as a last resort.
PRTG (Paessler Router Traffic Grapher) Network Monitor is a Windows only free monitoring tool to scrutiny network traffic and evaluate performance (i.e. availability and usage), it enables network administrators to find out the CPU and memory load providing live readings. This network tool displays very detailed information with easy to understand graphs allowing you to see what traffic is roaming through your network, PRTG Network Monitor comes preconfigured with templates for various devices, it can analyze any device attached to your computer network, including routers, servers and firewalls.
PRTG Network Monitor software
Understanding network usage is fundamental to optimize it and avoid bandwidth bottlenecks, network monitoring software helps you discover traffic jams and troubleshoot network problems. The software is comprehensive, it has an intuitive multilingual interface that can be password protected, access is possible using an Internet browser locally or over the Internet, using an iPhone/iPad app (called iPRTG) or using a Windows GUI. A system tray balloon will immediately notify you of problems when they occur, if you are away from your computer just set up notifications to your email or mobile phone via SMS, the free version comes with 10 sensor types (over 100 sensors in the commercial version) looking at TCP/IP connectivity, HTTP, SMTP, FTP, SSH, etc.
PRTG Network monitor includes a packet sniffer that makes for a good alternative to Wireshark, it can monitor network users capturing packets and find out what websites they visit in real time, if you suspect an unauthorized person is using your wireless network this home network software will help you find out their hardware MAC address and what they are doing, once you choose the network adapter you would like to monitor (i.e. wireless or Ethernet) you can instruct PRTG to log all captured traffic to review it later on.You will need some basic understanding of network protocols before using this tool, other than that, it is very easy to manage.
Link Password is a Firefox addon to encrypt your Firefox browser bookmarks using the symmetric AES cipher, you could combine Firefox Private Browsing mode that runs in RAM memory and does not save anything to your hard disk, with this privacy Firefox addon that will hide what your favourite sites are, it can be useful for those sharing computer at home or an Internet cafe, library, etc.
If you already have bookmarked link you can choose to encrypt them, Link Password can encrypt individual links or the folders containing them, it uses its own protocol “linkpassword“, the links can be renamed and rolled back if necesary, when you click on a link you will be asked for the password before it can be opened, decryption and encryption of bookmarks can be done with using a right click.
Link Password Firefox privacy addon
An alternative to Link Password would be to create an encrypted container and store Firefox Portable inside (including bookmarks), but encryption software like Truecrypt requires administrator rights and can not be used at libraries and Internet cafes where you are logged in as a user.
Mozilla Labs, the makers of Firefox browser and Thunderbird, have come up with an experimental browser based single login system called Mozilla Persona. After a user has verified his email address by visiting a link sent to his inbox he can claim ownership and use that email address and a chosen password to login at any site supporting Mozilla Persona, very few at the moment, you will know if a site supports Mozilla Persona when they show the logo.
The main advantages of Mozilla Persona are that it saves surfers from having to remember dozens of different usernames and passwords across sites, it does not leak information to the website you log in and it works across browsers, site authentication only needs Javascript enabled to work .
The Mozilla Persona website is used as authentication backend server holding user’s email details, but anyone can run their own verification server, Mozilla Persona is a decentralized login system. When a user logs into a Mozilla Persona identity provider a set of public/private encryption keys will be created inside the browser using javascript, the public encryption key is then sent to the Mozilla Persona identity provider where it will be used to sign an identity certificate before sending it to the user’s browser for storage.
Any website requiring a user to login using Mozilla Persona will use javascript to prompt the user if wishes to login, if he agrees the browser will send the previously stored browser identity certificate, digitally signed with that user’s private encryption key, the login server will verify the signature asking the Mozilla Persona identity provider for the user’s public encryption key, making sure the digital signature is valid.
The disadvantages of Mozilla Persona are that websites need to support it and since many already support OpenID, Google Account login, Twitter and Facebook connect, they will be wondering if they really need to add even more login plug-ins, another downside is that if your Mozilla Persona provider goes down you will be unable to login to dozens of sites. This is what happened to my OpenID provider some time ago and it was then that I made the decision not to use OpenID anymore, failure of the authentication server or a denial of service attack against the server constitutes a huge risk.
How Mozilla Persona works
Mozilla Persona vs OpenID
OpenID is a more seasoned one click authentication system that shares some common ground with Mozilla Persona, both systems need a single username and password to login across multiple sites and act like a third party authentication server working across browsers, the main differences are:
Mozilla Persona does not involve the identity provider in the login process whereas OpenID identity providers are part of the authentication process, this means that OpenID identity providers are aware of the sites you are a member of, Mozilla Persona protects your login activities from identity providers, OpenID does not.
Mozilla Persona has been designed to tightly integrate with the browser with the login process taking part within it, a Firefox add-on is in the making, OpenID redirects you to a website for the login process to take place.
Mozilla Persona always identifies users with their email address, OpenID authentication process does not always implicate a user email address.
Conclusion Mozilla Persona
I fail to see how Mozilla Persona is any better than a password manager, Mozilla Persona simplifies login across multiple sites by only needing a single password and a password managers will automatically fill in your username/password, not having to type it in, all you need to know is the masterpass, just like with Mozilla Persona ID.
Mozilla Persona can be a good replacement for those endangering their privacy using Facebook connect and Twitter accounts to login at other sites, by using Facebook connect you are giving third party companies access to private data, Mozilla Persona, like OpenID, will stop that, but I am not seeing myself using Mozilla Persona any time soon.
I am very happy with my offline password manager and I believe it is a much more secure login system than using a server that I have never seen or audited to manage my login credentials for dozens of sites.
Note: Mozilla Persona used to be called BrowserID, this post has been updated accordingly.
